fail2ban is doing nothing?

I modified the fail2ban config file as seen below, restarted the service, and then I went to a remote PC and tried to hack in via ssh using bad root passwords. It let me try 100 times and never banned the IP I was coming in on. What did I do wrong? Do I need to set a path somewhere to my host.deny file or something? Thanks

The most obvious thing that springs to mind is the log file specified in jail.conf. Is it really /var/log/sshd.log where SSH access attempts are logged on your system? In CentOS for example, SSH log attempts are logged to: /var/log/secure.
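The logpath check suggested in the reply above, as an added example that is not part of the original thread: it reads a jail.conf-style file and reports, for each enabled jail, whether the configured log exists and how many SSH failure lines it holds. The jail name `ssh-iptables`, the simplified regex (a stand-in for the shipped sshd filter), the `root` parameter and the sample log lines are assumptions constructed for the demo.

```python
import configparser
import re
import tempfile
from pathlib import Path

# Simplified stand-in for fail2ban's sshd failregex (assumption, not the shipped filter).
SSHD_FAILURE = re.compile(r"sshd\[\d+\]: (?:Failed password|Invalid user|authentication failure)")


def check_jails(jail_conf_text, root="/"):
    """Return {jail: status} for every enabled jail in jail.conf-style text.

    `root` (hypothetical parameter) is prepended to each logpath so the check
    can run against a copy of the filesystem, as the demo below does.
    """
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(jail_conf_text)
    report = {}
    for jail in parser.sections():
        if parser.get(jail, "enabled", fallback="false").strip().lower() != "true":
            continue  # disabled jails never read their log
        logpath = parser.get(jail, "logpath", fallback="").strip()
        path = Path(root) / logpath.lstrip("/")
        if not logpath or not path.is_file():
            report[jail] = "logpath missing: %s" % (logpath or "(unset)")
            continue
        lines = path.read_text(errors="replace").splitlines()
        hits = sum(1 for line in lines if SSHD_FAILURE.search(line))
        report[jail] = "%d failure lines in %s" % (hits, logpath)
    return report


def demo():
    # Constructed jail and log lines; sshd here logs to /var/log/secure only.
    jail = "[ssh-iptables]\nenabled = true\nfilter = sshd\nlogpath = %s\nmaxretry = 5\n"
    secure = (
        "Jun  1 10:00:01 host sshd[4242]: Failed password for root from 192.0.2.10 port 50122 ssh2\n"
        "Jun  1 10:00:03 host sshd[4242]: Failed password for root from 192.0.2.10 port 50122 ssh2\n"
        "Jun  1 10:00:09 host sshd[4250]: Accepted password for admin from 192.0.2.20 port 50200 ssh2\n"
    )
    with tempfile.TemporaryDirectory() as root:
        log = Path(root, "var/log/secure")
        log.parent.mkdir(parents=True)
        log.write_text(secure)
        return (check_jails(jail % "/var/log/sshd.log", root),
                check_jails(jail % "/var/log/secure", root))


if __name__ == "__main__":
    for result in demo():
        print(result)
```

A jail whose log exists but shows 0 failure lines after known bad logins points at the same problem: sshd is writing somewhere else.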

Something else that occurs to me is iptables. You must be actively using it as your firewall as fail2ban creates a temporary drop rule for the bad source address in /var/log/secure.

If you've done a CentOS 5.3/ISPConfig3 setup, by default the iptables firewall is off. In ISPConfig3 there is a Bastille version which I would recommend that you don't enable as I find it too restricting. Instead, I enable the CentOS version of iptables. The one that creates /etc/sysconfig/iptables rules.

The iptables output shown is the default filter. This needs to be configured for your requirements. One of the things I advise you to change is the default policy for the INPUT and FORWARD chains, from ACCEPT to DROP.

I've sent a HowTo on SquirrelMail and fail2ban to Falko that will be published here in the next few days (once it's been vetted). So if you're interested in setting up SquirrelMail with fail2ban be sure to read that. There's a few gotchas that can catch people out setting this one up.

As far as inbound ports/services to open, it all depends on what you intend running. For example: